OSSEC reporting
Valenti, Roberto (Bob)
To whom may be of help!
Finally got a few agents installed. Works well. Also have web ui working. I would like to know how to enable reporting and daily email reports to myself. I use the following and doesn’t start ossec-hids…
<ossec_config>
<reports>
<category>authentication_success</category>
<user type="relation">srcip</user>
<title>Daily report: Successful logins</title>
<email_to>m...@example.com</email_to>
Something tells me I need the snapshots to make this work (see below). When I go to download it gives me an error telling me site is now gone.
If you want to receive daily email reports (summaries) of your OSSEC alerts, you will like this new feature.
First, start off by downloading the latest snapshot: http://www.ossec.net/files/snapshots/ (get the latest file from there).
Any help is greatly appreciated….
Thanks!
Roberto Valenti
Director IT Operations
GRYPHON NETWORKS
617-279-2687 (Direct) | 508-826-1486 (Mobile)
► 100 Summer Street, Suite 800, Boston, MA 02110
This email and any files transmitted with it may contain confidential or legally privileged information and are intended solely for the use of the individual to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any use, disclosure, copying, or distribution of the information included in this transmission is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by responding to this email and then delete it from your system.
dan (ddp)
<rval...@gryphonnetworks.com> wrote:
> To whom may be of help!
>
>
>
> Finally got a few agents installed. Works well. Also have web ui working.
> I would like to know how to enable reporting and daily email reports to
> myself. I use the following and doesn’t start ossec-hids…
>
>
>
> <ossec_config>
>
> <reports>
>
> <category>authentication_success</category>
>
> <user type="relation">srcip</user>
>
> <title>Daily report: Successful logins</title>
>
> <email_to>m...@example.com</email_to>
>
trying to track them down for a while, but without success.
I'm about ready to remove the feature. It can be handled using
`ossec-reportd` and cron, so having the extra code sitting around
seems silly to me.
>
>
> Something tells me I need the snapshots to make this work (see below). When
> I go to download it gives me an error telling me site is now gone.
>
>
>
> If you want to receive daily email reports (summaries) of your OSSEC alerts,
> you will like this new feature.
>
> First, start off by downloading the latest snapshot:
> http://www.ossec.net/files/snapshots/ (get the latest file from there).
>
>
>
> Any help is greatly appreciated….
>
> Thanks!
>
>
>
> Roberto Valenti
>
> Director IT Operations
>
> GRYPHON NETWORKS
>
> 617-279-2687 (Direct) | 508-826-1486 (Mobile)
>
> ► 100 Summer Street, Suite 800, Boston, MA 02110
>
> ► gryphonnetworks.com
>
>
>
> This email and any files transmitted with it may contain confidential or
> legally privileged information and are intended solely for the use of the
> individual to whom it is addressed and others authorized to receive it. If
> you are not the intended recipient you are hereby notified that any use,
> disclosure, copying, or distribution of the information included in this
> transmission is strictly prohibited and may be unlawful. If you have
> received this communication in error, please immediately notify the sender
> by responding to this email and then delete it from your system.
>
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.